[QA] tokens invalidated during server upgrade prevent re-login

[jnweiger]

Seen with upgrade from 10.12.0 to 10.13.0-rc.1 with openidconnect-2.2.0 (same in both owncloud-complete bundles)

• occ upgrade works perfectly fine. New logins via keycloak work perfectly fine after the upgrade. OK
• A user who was logged in before the upgrade (and as their session invalidated by the upgrade) tries to re-login and fails. BAD

Manual workaround:

• Edit the URL and remove everything after the &requesttoken=... part. Then re-login works.

Expected behaviour:

• Invalid tokens allow a "retry with a clean session" feature, so the user knows what to do.

Maybe this also causes https://github.com/owncloud/openidconnect/issues/283

[nodens]

Hi, FYI, not sure this is the same as #283:

there when I log in the return url (after IDP) looks like https://domain.tld/index.php/apps/openidconnect/redirect?state=6772948735b61bf659d8b2b69c92ade2&session_state=687b0969-4be4-46ce-b275-3708713d7f47&code=a62c0273-e1a5-43ed-9b3b-5c0bb6426fbe.687b0969-4be4-46ce-b275-3708713d7f47.c4dc1b4e-df3e-42a5-9761-3c2a68ee7352

I see no requesttoken parameter, and if I remove some parameters I get either a 403 (as before) or a 503 because the code is invalid. I can't actually log in.